Privacy Policy

1. Introduction

Diamond Core ("we", "us", "our") operates a baseball and softball scoring and statistics platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform, in compliance with the General Data Protection Regulation (GDPR) and applicable local data-protection legislation.

2. Data Controller

The data controller responsible for your personal data is the organisation that operates this Diamond Core instance. For questions about data processing, please contact your league or federation administrator.

3. What Data We Collect

We collect the following categories of personal data:

3.1 Account Data

Username and email address (provided at registration)
First name and last name
Password (stored as a salted hash — we never store plain-text passwords)

3.2 Player Data

Player name
Date of birth
Nationality / country of origin
Playing position, batting/throwing preferences
Player photograph (when provided)

3.3 Game and Scoring Data

Game events, lineups, scoring records, and box-score statistics
These records are linked to player and team identifiers

3.4 Technical Data

IP address (logged for security and consent audit purposes)
Browser user-agent string (logged with consent records)
Session identifiers
Cookie preferences

4. Why We Collect Data (Legal Basis)

Purpose	Legal Basis (GDPR Art. 6)
Providing the scoring and statistics platform	Legitimate interest (Art. 6(1)(f))
User authentication and access control	Contract performance (Art. 6(1)(b))
Recording player statistics and game data	Legitimate interest (Art. 6(1)(f))
Cookie consent and preference tracking	Consent (Art. 6(1)(a))
Security logging (IP addresses)	Legitimate interest (Art. 6(1)(f))

5. How We Store and Protect Data

All data is stored in a PostgreSQL database hosted within the European Union (AWS eu-north-1, Stockholm, Sweden).
Data in transit is encrypted using TLS/HTTPS.
Access to production systems is restricted to authorised personnel.
Passwords are stored using industry-standard salted hashing — we never store plain-text passwords.

6. Data Retention

Account data: retained while the account is active. Deleted upon request or account closure.
Player and game data: retained for the purpose of maintaining historical statistics. May be anonymised upon request.
Consent records: retained for 3 years as required for GDPR compliance proof.
Session data: automatically expires and is purged after session timeout.

7. Your Rights Under GDPR

As a data subject within the EU/EEA, you have the following rights:

Right of access (Art. 15) — request a copy of your personal data.
Right to rectification (Art. 16) — correct inaccurate data.
Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten").
Right to restrict processing (Art. 18).
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interest.
Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior processing.

To exercise any of these rights, contact your league or federation administrator.

8. International Transfers

Your data is stored and processed within the European Economic Area (EEA). We do not transfer personal data outside the EEA.

9. Children's Data

Diamond Core may process data of players under 16 years of age. Such data is entered and managed by authorised league administrators, not by the minors themselves. We do not knowingly collect personal data directly from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The effective date at the top of this page indicates when the latest version took effect. We encourage you to review this policy periodically.

11. Contact

For any privacy-related questions or concerns, please contact your league or federation administrator, who will direct your enquiry to the appropriate data-protection contact.